Report: Pacemakers Contain ‘Thousands of Vulnerabilities’ for Hackers

Pacemakers contain “thousands of vulnerabilities” for hackers to exploit, according to a recent study.

“In a recent review of seven pacemaker products made by four different vendors, security researchers identified 19 security vulnerabilities that most of them shared,” reported Quartz on Saturday. “Among those was the use of third-party components, which alone comprised 8,600 security flaws. Some of the weaknesses are simple software bugs, and others are vulnerabilities that could be life-threatening under certain conditions.”

“If hackers got their hands on an external monitoring device, for example, they could use it to connect to any pacemaker it supports using a universal authentication token that the vendors built into the devices,” the report claims. “Once connected to a pacemaker, hackers could potentially receive the data the pacemaker transmits and block its transmission to its own monitoring device.”

The security flaws even make it possible to potentially kill a person, according to Quartz.

“Even more concerning, this flaw could be paired with a vulnerability in the pacemaker itself, and used to turn a monitoring device into a pacemaker programmer, which only a patient’s physician is meant to have access to,” they explained. “The monitoring device could then potentially be used to connect to a pacemaker and adjust its settings in such a way that could harm or kill the person who has the implant.”

The report also claims that researchers were able to obtain pacemaker security check devices on eBay, despite the fact that their distribution is supposed to be highly controlled.

“All manufacturers have devices that are available on auction websites,” claimed the researchers. “Programmers can cost anywhere from $500-$3000, home monitoring equipment from $15-$300, and pacemaker devices $200-$3000.”

In the television drama Homeland, a terrorist was able to hack the pacemaker of the Vice President of the United States, before killing him with it. This could theoretically be possible, according to experts.

“The problem is that there has to be a way to access these very small, simple devices to reconfigure them, change their settings and patch the software,” claimed computer security engineer Sujeet Shenoi in 2014. “That means there are a nay number of ways to compromise them and their firmware… The medical device manufacturers are not working hard behind the scenes to stop this happening.”

Charlie Nash is a reporter for Breitbart Tech. You can follow him on Twitter @MrNashington or like his page at Facebook.